A universal resource locator (URL) collider processes a click event referencing a URL and directs a browser to a page at the URL. While the page is being rendered by the browser with page data from a web server, the URL collider intercepts the page data including events associated with rendering the page, determines microfeatures of the page such as Document Object Model objects and any URLs referenced by the page, applies detection rules, tags as evidence any detected bad microfeature, bad URL, or suspicious sequence of events, and stores the evidence in an evidence database. Based on the evidence, a judge module dynamically determines whether to condemn the URL before or just in time as the page at the URL is fully rendered by the browser. If so, the browser is directed to a safe location or a notification page.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method according to claim 1, wherein the click event referencing the URL is obtained or received from a processing queue, a data store, a URL feed, a service which handles URL threats, an agent of the computer system, or an email server communicatively connected to the computer system.
3. The method according to claim 1, wherein the browser comprises a headless browser.
4. The method according to claim 3, wherein the click event is captured by the headless browser when a user clicks on a URL embedded in a document.
6. The method according to claim 1, wherein the rule identifying the suspicious sequence of events includes detection of a loading of an inline frame by the browser.
8. The system of claim 7, wherein the click event referencing the URL is obtained or received from a processing queue, a data store, a URL feed, a service which handles URL threats, an agent of the system, or an email server communicatively connected to the system.
9. The system of claim 7, wherein the browser comprises a headless browser.
10. The system of claim 9, wherein the click event is captured by the headless browser when a user clicks on a URL embedded in a document.
12. The system of claim 7, wherein the rule identifying the suspicious sequence of events includes detection of a loading of an inline frame by the browser.
14. The computer program product of claim 13, wherein the click event referencing the URL is obtained or received from a processing queue, a data store, a URL feed, a service which handles URL threats, an agent of the computer system, or an email server communicatively connected to the computer system.
15. The computer program product of claim 13, wherein the browser comprises a headless browser running on the device.
16. The computer program product of claim 15, wherein the click event is captured by the headless browser when a user clicks on a URL embedded in a document.
17. The computer program product of claim 13, wherein the rule identifying the suspicious sequence of events includes detection of a loading of an inline frame by the browser.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
April 20, 2023
April 30, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.